Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above.
You may have to register before you can post: click the register link above to proceed.
To start viewing messages, select the forum that you want to visit from the selection below.

I need your help to unlock 10.9 Mavericks Screen Saver Authentication. In previous versions of Mac OS X, it was possible to enter the name of any local administrator account credentials and bypass the screen saver, regardless of who was currently logged into the console. Great for IT depot's that maintain a local master admin account. Example: An IT staff member could do maintenance/troubleshooting at an end user's Mac, even if the person had left the Mac workstation locked with a screen saver at lunchtime (i.e.; the end user was not required to physically unlock the screen saver)

Does anyone know if this behavior can be changed/reverted? Is this behavior stored in an XML plist or in /etc/authorization file?

I used to know how to do this with 10.7 Lion and 10.8 Mountain Lion but not this time with 10.9 Mavericks due of different files stored in /etc/

Here what I used to do with 10.7 and 10.8. Read below and please help me how can I work this with Mavericks.

I haven't looked into it but I would not be surprised if they have changed it. If they did, I would suspect its most likely an incidental change, although I would love to find out it was actually on purpose.

You see your request although seemingly justified is bad for overall security, specially in an environment where user accountability might be an issue. For example in the medical records, where the doctor that orders/approves/requests a procedure or change to patient care is accountable for the consequences. This is the reason that Mac OS has no means to show you what the actual password of a user is, but will let you change it. Changing a password gets logged, and when you don't have access to a users original password you will be neither able to unlock their keychain nor set the password back to what it used to be without triggering a log entry.

Now I understand that in small environment this is neither necessary nor secure, since the only person with access or expertise into the logs is the admin, and he can alter or delete these files. But in an environment with auditing procedures and secured log servers this functionality makes things much better.

My suggestion to you and your admins is to have fast user switching enabled by default. This way when a computer is locked in the screen saver you can simply hit the switch user button and access the admin account that will let you maintain/upgrade/install almost anything necessary.